1. Field of the Invention
The present invention relates to a system and method for preventing illegal use of software, in particular, a system for preventing an illegal user from decrypting secret information stored in an IC card or the like, which is distributed to a general user.
This application is based on Patent Application No. Hei 10-125619 filed in Japan, the contents of which are incorporated herein by reference.
2. Description of the Related Art
When an IC card for medical use stores software including secret information concerning patients, t is necessary to prevent a third party from decrypting such secret information and illegally using it.
For example, there are two conventional systems used for preventing illegal use of software:
FIG. 5 is a diagram showing the first conventional system for keeping the control program in the operating system (OS) for a microcomputer (i.e., a semiconductor integrated circuit) secret (refer to Japanese Patent Application, First Publication, No. Hei 8-185361).
In FIG. 5, microcomputer 1 includes a system memory (i.e., storage means) 2, a rewritable and nonvolatile memory, in which a control program such as the Kernel in the OS is stored. The system memory 2 stores (i) decrypting key FK used for decrypting data such as an encrypted control program based on a specific decrypting algorithm, and (ii) decrypting-process information FT which includes a program for executing the decrypting algorithm by using the decrypting key FK. The decrypting key FK and decrypting-process information FT are stored in the system memory 2; thus, a user can rewrite this data as the user chooses.
There are two types of the applicable cryptosystems, a symmetrical cryptosystem in which encrypting and decrypting operations are performed using the same key, and an asymmetrical cryptosystem in which encrypting and decrypting operations are performed using different keys. Either system can be used in the system of FIG. 5. In the encrypting and decrypting operations, a reversible operation such as exchange or inversion in a specific bit sequence is controlled using a key.
The microcomputer 1 also comprises input/output circuit 3 for inputting or outputting data via external bus Bg, and RAM 4 for storing specific data input from the input/output circuit 3. The microcomputer 1 further comprises CPU (central processing unit) 5 which controls all the operations of the microcomputer 1. Decoding means FS in this system consists of CPU 5, decrypting key FK, and decrypting-process information FT. The system memory 2, input/output circuit 3, RAM 4, and CPU 5 are connected with each other via an internal bus 6.
The conventional system (for preventing illegal use of software) having the above structure employs the following method for protecting secret information from an illegal user.
In this system, a function of CPU 5 for protecting commands and data is used. The system memory 2 can be accessed only in the supervisor mode. Therefore, generally, secret information stored in the system memory 2 cannot be retrieved by a general user.
The second conventional system for preventing illegal use employs a dedicated device or means for storing secret information, and has the function of physically destroying the dedicated device when an illegal user tries to physically analyze the system.
However, the above first and second illegal-use preventing systems have the following problems.
The problem caused by the first system is that secret information cannot be completely protected by the relevant software. The reason is that the secret-information protecting means in the first system only inhibits an access in a mode other than the supervisor mode; thus, if an illegal user tries to perform an analysis using a software debugger which is operated in the supervisor mode, the protection of secret information is ineffective.
The problem caused by the second system is that if such a dedicated means is wholly constructed using software, secret information itself must be stored in a general file storage device. In this case, the secret information can also be stored in another file storage device as a backup copy. Therefore, if an illegal user stores backup data of secret information in another file storage device in advance, it is easy to restore the backup data even if secret information stored in the main file storage system is destroyed.